After the description of the video I specify on how to use a separate Resource server that “authenticates” against the Authorization server, also specify about the token store usage and an Example on how to do a @Query using the Authenticated user has a filter.

He also added a constructor to the AccountEntity I placed it above in the Entity

Now he teaches Spring Security about our database, with an implementation of UserDetailsService, this Interface is a method of how Spring Security will “transform” our internal Account into a User understandable Username Password and all other details related to Spring Security.

loadByUsername also expects a Exception of type UsernameNotFoundException to be thrown in case the username is not found.

Setup a Resource Server separate from the Authorization Server

I’ve managed to setup a Resource Server separated from the Authorization server it’s very easy, just placing the annotation in the main class @EnableResourceServer and in application.properties specify the URI of the user information in the remote Authorization Server.

security.oauth2.resource.userInfoUri=http://localhost:9191/uaa/user

This /user address has to be setup in the Authorization Server of Long example like so:

And had to remove the constructor I had accepting the authenticationManager, and left it only to be inserted by Autowire.

Getting the Principal on the Resource Server…Using the Principal (Active User)to limit the data returned:

Using the Principal on the Resource Server , for this I had to extend the User Object to my own implementation, I didn’t want to touch to much on the Database side of Accounts so I created a new Object UserInfo

Has seen this above has a aditional field Id wich I use to relate the Account to the item being managed in the Resource Server (I’m also returning Roles in this (done by default)). To the Account Entity I added the following method and private class to manage the GrantedAuthority types.

This #security.principal is not in the main docs but I’ve been told in Twitter by JPA Lead Developer ( Oliver Gierke @olivergierke) that it can be a related bug solved in version 2.x of DATA JPA details in the stackoverflow link.

That’s it, if you do the Authentication to the authorization server and use the Bearer token to access the Resource Server you should have access to your Resource.

Handling search and the List of all items in Angular 2 in the same Component

Using the tutorial of Angular 2 for hero search was the base for this, although I wanted that the same table to show the All the items when the search was inactive without having to do a new component (one for searching and another one for listing all products).

On the template I setup the call of the enableSearch and disableSearch events

the enableSearch is fired on keyup meaning someone is starting to search for a name or keyword.

the disableSearch is fired on click of the button “clear search”

I used the two way binding of searchValue so I can clear the searched text when I disable the search

In the component method enableSearch I set a flag searchEnable = true and setup the Observable relation to this.products this way if the search is Enabled I wont set it up again and kill the observable with this new call.

if the search wasn’t enable I set up the observable and put the search term into the observable stream 😡 . The ternary operator would only fire the list if I had the search typed so to get always a result list I had to make these changes, so the table would be filled when a search was on and when there was no search.

And the code bellow disables the search and displays all the products available